I.T. for Management
Section 2

Chapter 18
Information Security
Information Security

IT Security, Control, Audit & Governance
"Information is Power" is a very old adage in the IT sector. In today's world information is increasingly viewed as an asset which has real value and is to be protected.
Accumulating information was once done more for statutory purposes. Today sophisticated data warehouses hold what may be considered a "gold mine" of knowledge, and data mining tools are available to extract the right information at the right time.
Information Security

Objectives of IT Security Management
The purpose of IT Security Management is to ensure:
•Confidentiality: restricting access to the right people for the right purpose
•Integrity: correctness and validity of information stored or processed
•Availability: ensuring information is available to authorized persons
Information Security

In almost every large enterprise, the physical and IT security departments operate independently of each other. They are generally unaware of the strengths and weaknesses of one another's practices, the liabilities of operating independently, and the benefits of integrated security management.
Information Security
Physical Security and IT Security

Physical security focuses on the protection of physical assets, personnel and facility structures. This involves managing the flow of individuals and assets into, out of, and within a facility. IT security focuses on the protection of information resources, primarily computer and telephone systems and their data networks. This involves managing the flow of information into, out of, and within a facility's IT systems, including human access to information systems and their networks. Clearly these two are separate domains. Why should they be integrated?
Information Security
Physical Security and IT Security: a Management Issue

The question above accurately reflects the thoughts of most security practitioners as they approach this subject. How is the question misleading? To lean on a common idiom, it focuses on the trees rather than the forest.
It is the management of physical and IT security that must be integrated. No one is going to integrate a brick wall and a database. However, the management of who is allowed inside the wall and inside the database must be integrated, or there will be gaps in the organization's security. Figure 1 below illustrates the concept of integrated security management. Whenever you hear or read the phrase "integration of physical and IT security," think "integration of physical and IT security management" and you'll be on the right track.
Information Security
While it is true that many of the physical and IT
security processes and procedures must be integrated
at the technology level, it is not the technology that
defines the integration. The business processes and
procedures define it; the technology implements it.
That's why the first step in integrating physical and
IT security is an examination of security-related
business requirements and the physical and IT
security processes that support them. The integration
of the business processes will determine where
integration of physical security and IT technology is
required.
Information Security
[Figure 1: Integrating Security Management]

Type of control        Examples
Physical               Doors & locks, security gates, raised floors, double doors, UPS system
IT related             Passwords, directory services, firewall, antivirus, application server, hot standby server, backup of software
Document related       Correct labeling, version control, copies of key documents
Application specific   Data validation so that only correct data is accepted: length, range and code checks; process-related checks; output controls
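The application-specific controls in the table (length, range and code checks on input, plus a process-related check) are shown below as an added example; this is not code from the original slides, and the order schema, product codes and sample batch are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from typing import Dict, FrozenSet, List, Optional

# Constructed reference data (assumption): the product codes an order may
# reference. The code check rejects any value not in this set.
VALID_PRODUCT_CODES = frozenset({"P-1001", "P-1002", "P-2500"})


@dataclass(frozen=True)
class FieldRule:
    """Per-field control: the length check always applies; range and code checks
    apply only when bounds or a code set are given."""
    name: str
    min_len: int = 1
    max_len: int = 255
    min_val: Optional[Decimal] = None
    max_val: Optional[Decimal] = None
    codes: FrozenSet[str] = frozenset()


# Constructed rules for a hypothetical order record (assumption).
ORDER_RULES: List[FieldRule] = [
    FieldRule("customer_id", min_len=6, max_len=6),
    FieldRule("product_code", min_len=6, max_len=6, codes=VALID_PRODUCT_CODES),
    FieldRule("quantity", max_len=4, min_val=Decimal(1), max_val=Decimal(1000)),
    FieldRule("unit_price", max_len=10, min_val=Decimal("0.01"), max_val=Decimal("99999.99")),
]


def validate_record(record: Dict[str, str], rules: List[FieldRule]) -> List[str]:
    """Return one message per control violation; an empty list means 'accept'."""
    problems: List[str] = []
    for rule in rules:
        raw = record.get(rule.name)
        if raw is None:
            problems.append(f"{rule.name}: missing")
            continue
        value = str(raw).strip()
        # Length check: reject over- or under-length input before inspecting content.
        if not rule.min_len <= len(value) <= rule.max_len:
            problems.append(f"{rule.name}: length {len(value)} outside {rule.min_len}-{rule.max_len}")
            continue
        # Code check: the value must be one of the recognised codes.
        if rule.codes and value not in rule.codes:
            problems.append(f"{rule.name}: unknown code {value!r}")
        # Range check: numeric fields must fall inside the allowed bounds.
        if rule.min_val is not None or rule.max_val is not None:
            try:
                number = Decimal(value)
            except InvalidOperation:
                problems.append(f"{rule.name}: not numeric {value!r}")
                continue
            if rule.min_val is not None and number < rule.min_val:
                problems.append(f"{rule.name}: {number} below minimum {rule.min_val}")
            if rule.max_val is not None and number > rule.max_val:
                problems.append(f"{rule.name}: {number} above maximum {rule.max_val}")
    return problems


def process_batch(records: List[Dict[str, str]], declared_total_qty: int) -> Dict[str, object]:
    """Process-related check: the quantities actually accepted must equal the
    control total declared in the batch header; otherwise the batch is held."""
    accepted: List[Dict[str, str]] = []
    rejected: List[Dict[str, object]] = []
    for index, record in enumerate(records):
        problems = validate_record(record, ORDER_RULES)
        if problems:
            rejected.append({"index": index, "problems": problems})
        else:
            accepted.append(record)
    actual_total = sum((Decimal(r["quantity"]) for r in accepted), Decimal(0))
    return {
        "accepted": accepted,
        "rejected": rejected,
        "control_total_ok": actual_total == Decimal(declared_total_qty),
    }


# Constructed sample batch: one clean record and three that each trip one control.
SAMPLE_RECORDS = [
    {"customer_id": "C12345", "product_code": "P-1001", "quantity": "10", "unit_price": "19.99"},
    {"customer_id": "C123", "product_code": "P-1002", "quantity": "5", "unit_price": "5.00"},
    {"customer_id": "C99999", "product_code": "P-9999", "quantity": "1", "unit_price": "1.00"},
    {"customer_id": "C55555", "product_code": "P-2500", "quantity": "5000", "unit_price": "3.50"},
]

if __name__ == "__main__":
    result = process_batch(SAMPLE_RECORDS, declared_total_qty=5016)
    for item in result["rejected"]:
        print(f"record {item['index']} rejected: {'; '.join(item['problems'])}")
    print("control total matches:", result["control_total_ok"])
```

The batch header's declared total covers all four submitted records, so once three are rejected the process check fails and the batch is flagged rather than silently posted short.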
Information Security Standards
BS 7799 Standard
The subject of IT security is therefore not merely one of putting appropriate control measures in place. It is a process approach whereby information security has:
•A defined organizational policy
•Backing by management commitment
•The necessary resources and defined procedures
•Appropriate control objectives
•Suitable control measures
•Recording and reviewing of incidents
•Continuous improvement of the security process
Information Security Standards
BS 7799 Standard
BS 7799 is a British standard which addresses precisely this aspect.
It provides a comprehensive framework within which an organization can set up an effective Information Security Management System (ISMS).
More specifically, some of the control objectives it describes include the following:
•Management of the ISMS
•Physical security
•Information processing
•Access to information by IT employees and outsourced vendors
•Access from remote locations
Information Security Standards
BS 7799 Standard
To implement the BS 7799 standard an organization must take the following steps.
•Define an information security policy.
•The organization and its management must demonstrate their commitment to information security. There must be formal reviews of security incidents.
•Risk assessment. The organization must conduct a risk assessment. This will help to identify the more important sources of risk. It would then select from the following strategies: risk avoidance, mitigation, insurance or transfer, or assumption of the risk.
Information Security Standards
BS 7799 Standard

•Based on the strategy decided for each risk/asset combination, it will select the appropriate control to manage the risk.
•For instance, to prevent unauthorized entry it may provide smart card or biometric entry.
•The organization would also have identified detailed procedures for implementing and monitoring the various controls, defined roles for them, and the dos and don'ts for all employees.
•Finally, the process needs to be sustained and continuously evaluated.
Information Security Standards
Business Continuity Planning (BCP)

Availability is one of the key elements of information security. Failures in IT, for example incidents like power failure or a virus attack, can be disastrous.
Organizations such as a stock exchange or a bank work on a central data center. The BCP outlines:
•The objective of the plan in the event of a disaster
•The resources
•Priorities assigned for business continuity
•Procedures to follow in the event of a disaster
•Communication to outsiders
Information Security Standards
Business Continuity Planning (BCP)

The BCP ensures that certain critical business functions continue despite a disaster.
The BCP can also be viewed from the point of view of three stages:
•Pre-disaster
•During the disaster
•Post-disaster
Thus each procedure should cover these three stages.
Disaster Recovery is a set of plans to enable an organization to return to normalcy.
Information Security Standards
Business Continuity Planning (BCP)
Disaster Recovery

The time frame within which the recovery must happen is a matter of practicality and organizational policy. Solutions used for BCP:

Disaster                        Solution
Hard disk crash                 RAID arrays, mirror disk, SAN/NAS solution
Complete data center crippled   Hot remote site, e.g. NSE has a hot site at Pune which takes over if the Mumbai center fails
Telecom/ISP crashes             Have leased lines from more than one ISP
Information Security Standards
Business Continuity Planning (BCP)

The choice of solution depends upon the perceived impact of the disaster on business continuity.
Most of the time the BCP/DR plan misses out on mock drills.
These are best done through simulation: generating disaster conditions, thereby enabling and training people to understand their individual role at the time of a disaster and the specific actions to be taken.
Information Security

End of Chapter 18

 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors Data
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketing
 
Environmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw CompressorsEnvironmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw Compressors
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic Experiences
 

Information Security

  • 1. I.T. for Management Section 2 Chapter 18 Information Security
  • 2. Information Security IT Security, Control, Audit & Governance "Information is Power" is a very old adage in the IT sector. In today's world information is increasingly viewed as an asset which has real value & is to be protected. Accumulating information was once done more for statutory purposes. Today sophisticated data warehouses hold what may be considered a "gold mine" of knowledge, & data mining tools are available to extract the right information at the right time.
  • 3. Information Security Objectives of IT Security Management The purpose of IT Security Management is to ensure: • Confidentiality: restricting access to the right people for the right purpose • Integrity: correctness & validity of information stored or processed • Availability: ensuring information is available to authorized persons
  • 4. Information Security In almost every large enterprise, the physical and IT security departments operate independently of each other. They are generally unaware of the strengths and weaknesses of one another's practices, the liabilities of operating independently, and the benefits of integrated security management.
  • 5. Information Security Physical Security and IT Security Physical security focuses on the protection of physical assets, personnel and facility structures. This involves managing the flow of individuals and assets into, out of, and within a facility. IT security focuses on the protection of information resources, primarily computer and telephone systems and their data networks. This involves managing the flow of information into, out of, and within a facility's IT systems, including human access to information systems and their networks. Clearly these two are separate domains. Why should they be integrated?
  • 6. Information Security Physical Security and IT Security a Management Issue The question above accurately reflects the thoughts of most security practitioners as they approach this subject. How is the question misleading? To lean on a common idiom, it focuses on the trees rather than the forest. It is the management of physical and IT security that must be integrated. No one is going to integrate a brick wall and a database. However, the management of who is allowed inside the wall and inside the database must be integrated, or there will be gaps in the organization's security. Figure 1 below illustrates the concept of integrated security management. Whenever you hear or read the phrase “integration of physical and IT security,” think “integration of physical and IT security management” and you'll be on the right track.
  • 8. Information Security While it is true that many of the physical and IT security processes and procedures must be integrated at the technology level, it is not the technology that defines the integration. The business processes and procedures define it; the technology implements it. That's why the first step in integrating physical and IT security is an examination of security-related business requirements and the physical and IT security processes that support them. The integration of the business processes will determine where integration of physical security and IT technology is required.
  • 10. Information Security Types of control and examples of each:
      Physical: doors & locks, security gates, raised floors, double doors, UPS system
      IT related: password, directory services, firewall, antivirus, application server, hot standby server, backup of software
      Document related: correct labeling, version control, copies of key documents
      Application specific: data validation so that only correct data is accepted (length, range and code checked), process related checks, output controls
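The application-specific controls in the table above (length, range and code checks on input data) are the kind a developer implements as a validation step that runs before a record is accepted. The following is an added Python example and not code from the slide deck; the FieldRule schema format, the payment-instruction fields, their limits and the sample records are all assumptions constructed for illustration.

```python
"""Application-specific input controls: length, range and code checks.

Added example (not from the slide deck). The schema format, the field
names and limits, and the sample records below are constructed.
"""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple, Union

# bool is a subclass of int in Python, so a numeric rule must reject it
# explicitly or True would be accepted as an amount of 1.
NUMBER: Tuple[type, ...] = (int, float)


@dataclass
class FieldRule:
    """One field of a hypothetical declarative validation schema."""
    name: str
    required: bool = True
    kind: Union[type, Tuple[type, ...]] = str
    min_len: Optional[int] = None       # length check (strings)
    max_len: Optional[int] = None
    min_val: Optional[float] = None     # range check (numbers)
    max_val: Optional[float] = None
    codes: frozenset = frozenset()      # code check: allowed values only


def check_field(rule: FieldRule, value: Any) -> List[str]:
    """Return the violations for one field; an empty list means it is valid."""
    if value is None:
        return [f"{rule.name}: missing"] if rule.required else []
    if not isinstance(value, rule.kind) or (
        isinstance(value, bool) and rule.kind is NUMBER
    ):
        return [f"{rule.name}: wrong type {type(value).__name__}"]
    errors: List[str] = []
    if isinstance(value, str):
        if rule.min_len is not None and len(value) < rule.min_len:
            errors.append(f"{rule.name}: shorter than {rule.min_len}")
        if rule.max_len is not None and len(value) > rule.max_len:
            errors.append(f"{rule.name}: longer than {rule.max_len}")
        if rule.codes and value not in rule.codes:
            errors.append(f"{rule.name}: code {value!r} not in allowed set")
    else:
        if rule.min_val is not None and value < rule.min_val:
            errors.append(f"{rule.name}: below minimum {rule.min_val}")
        if rule.max_val is not None and value > rule.max_val:
            errors.append(f"{rule.name}: above maximum {rule.max_val}")
    return errors


def validate_record(rules: List[FieldRule], record: Dict[str, Any]) -> List[str]:
    """Apply every rule and reject fields the schema does not know about,
    so that nothing outside the declared shape slips through."""
    errors: List[str] = []
    known = {r.name for r in rules}
    for extra in sorted(set(record) - known):
        errors.append(f"{extra}: unexpected field")
    for rule in rules:
        errors.extend(check_field(rule, record.get(rule.name)))
    return errors


# Constructed schema for a hypothetical payment instruction.
PAYMENT_RULES = [
    FieldRule("account_id", kind=str, min_len=8, max_len=12),
    FieldRule("amount", kind=NUMBER, min_val=0.01, max_val=1_000_000.0),
    FieldRule("currency", kind=str, codes=frozenset({"INR", "USD", "EUR"})),
    FieldRule("memo", required=False, kind=str, max_len=140),
]


def demo() -> Dict[str, List[str]]:
    """Run one well-formed and one malformed constructed record."""
    good = {"account_id": "AC00123456", "amount": 2500.0, "currency": "INR"}
    bad = {
        "account_id": "AC1",          # length check fails
        "amount": -5.0,               # range check fails
        "currency": "XXX",            # code check fails
        "memo": "x" * 200,            # length check fails
        "admin": True,                # undeclared field is rejected
    }
    return {
        "good": validate_record(PAYMENT_RULES, good),
        "bad": validate_record(PAYMENT_RULES, bad),
    }


if __name__ == "__main__":
    for label, errs in demo().items():
        print(label, "->", errs or "accepted")
```

Every violation is collected rather than stopping at the first, which is what an audit trail of rejected input needs; rejecting undeclared fields is the output-side counterpart of the length, range and code checks, since it keeps a record from carrying data the process never asked for.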
  • 11. Information Security Standards BS 7799 Standard The subject of IT security is therefore not merely one of putting appropriate control measures in place. It calls for a process approach whereby information security has: • a defined organizational policy • backing by management commitment • the necessary resources and defined procedures • appropriate control objectives • suitable control measures • recording & reviewing of incidents • continuous improvement of the security process
  • 12. Information Security Standards BS 7799 Standard BS 7799 is a British standard which addresses precisely this aspect. It provides a comprehensive framework within which an organization can set up an effective Information Security Management System (ISMS). More specifically, some of the control objectives which it describes include the following: • Management of the ISMS • Physical security • Information processing • Access to information by IT employees and outsourced vendors • Access from remote locations
  • 13. Information Security Standards BS 7799 Standard To implement the BS 7799 standard an organization must take the following steps. • Define an information security policy • The organization & its management must demonstrate commitment to information security; there must be formal reviews of security incidents • Risk assessment: the organization must conduct a risk assessment. This will help to identify the more important sources of risk. For each it would select from the following strategies: risk avoidance, mitigation, insurance or transfer, assumption of risk. Cont.....
  • 14. Information Security Standards BS 7799 Standard • Based on the strategy decided for each risk/asset combination it will select appropriate controls to manage the risk. • For instance, to prevent unauthorized entry it may provide smart card or biometric entry. • The organization would also have identified detailed procedures for implementing and monitoring the various controls, defined roles, and dos & don'ts for all employees. • Finally the process needs to be sustained & continuously evaluated.
  • 15. Information Security Standards Business Continuity Planning (BCP) Availability is one of the key elements of information security. Failures in IT, e.g. incidents like power failure or virus attack, can be disastrous. Organizations such as a stock exchange or a bank work on a central data center. The BCP outlines: the objective of the plan in the event of a disaster; the resources; priorities assigned for business continuity; procedures to follow in the event of a disaster; communication to outsiders.
  • 16. Information Security Standards Business Continuity Planning (BCP) The BCP ensures that certain critical business functions continue despite a disaster. The BCP can also be viewed in terms of 3 stages: • Pre-disaster • During the disaster • Post-disaster. Thus each procedure should cover these three stages. Disaster Recovery is a set of plans to enable an organization to come back to normalcy.
  • 17. Information Security Standards Business Continuity Planning (BCP) Disaster Recovery The time frame within which the recovery must happen is a matter of practicality & organizational policy. Solutions used for BCP, by type of failure:
      Hard disk crash: RAID arrays, mirror disk, SAN/NAS solution
      Complete data center crippled: hot remote site, e.g. NSE has a hot site at Pune which takes over if the Mumbai center fails
      Telecom/ISP crashes: have leased lines from more than one ISP
  • 18. Information Security Standards Business Continuity Planning (BCP) The choice of solution depends upon the perceived impact of the disaster on business continuity. Most of the time the BCP/DR misses out on mock drills. This can best be done through simulation, by generating disaster conditions, thereby enabling & training people to understand their individual role at the time of a disaster & the specific actions to be taken.
  • 19. Information Security End of Chapter 18